4. The Kerberos Database

4. The Kerberos Database

The Kerberos server must have access to a database containing the
principal identifiers and secret keys of principals to be
authenticated (The implementation of the Kerberos server need not
combine the database and the server on the same machine; it is
feasible to store the principal database in, say, a network name
service, as long as the entries stored therein are protected from
disclosure to and modification by unauthorized parties. However, we
recommend against such strategies, as they can make system management
and threat analysis quite complex.).